"Sudo" hijack is still a risk in OSX Widgets

The latest update to OSX may have closed some issues with Tiger's widgetry, but concerns still abound over the self-contained applications' ability to take control of a user's admin privileges on the targeted Mac, according to reports:

Widgets, or small programs that automatically install after downloading, were introduced in Tiger for the Dashboard, which overlays the desktop. An attacker could write a malicious widget for Mac OS X 1.4 Tiger that would run invisibly in the background and hijack a user's "sudo," or administrative, privileges on a system, according to an alert distributed on the Full Disclosure mailing lists late Wednesday. With administrative privileges, the attacker would have full control over the targeted Mac.

More from news.com

Why, exactly, would a widget ever need administration rights / privileges? And with that in mind, why have Apple allowed it? I've got to agree with Zdziarski on this - it's an issue that should have been addressed in the previous security release. What say you?
